Static code analysis tools (with multicasting chat sample)

In the modern world with the fast cycles of software development it is critical to develop applications with high quality but without long periods of testing and bug fixing. One of the key points for gaining such performance is using static code analysis tools. Let me provide some samples of such tools which can be useful for software development:
  • Clang Static Analyzer - open source source code analysis tool that finds bugs in C, C++, and Objective-C programs;
  • PyLint - a static code analyser for Python;
  • Perl-Critic - a static code analysis tool for Perl;
  • FxCop - static analysis for Microsoft .NET programs.
There are many other tools, a list of which you can find in wikipedia. Let's do static code analysis of a simple multicasting chat application:

Run PyLint for this script. See results below:
<skipped>
C:  1, 0: Missing module docstring (missing-docstring)
C:  9, 0: Invalid constant name "is_listening" (invalid-name)
W: 12,20: Redefining name 'is_listening' from outer scope (line 9) (redefined-outer-name)
W: 14,61: Redefining name 'sock' from outer scope (line 35) (redefined-outer-name)
C: 12, 0: Missing function docstring (missing-docstring)
C: 28, 0: Invalid constant name "name" (invalid-name)
C: 30, 0: Invalid constant name "listening_thread" (invalid-name)
C: 31, 0: Invalid constant name "is_listening" (invalid-name)
C: 39,16: Invalid constant name "line" (invalid-name)
C: 40,16: Invalid constant name "msg" (invalid-name)
C: 43,16: Invalid constant name "is_listening" (invalid-name)
<skipped>
Your code has been rated at 7.18/10
Not so good rating. Let's try to fix all warning with the changes like these:
  1. Missing module docstring - Code should be readable - developers write code for humans not machines, and good documentation is a key point for better understanding of the code. Add docstring to the top of the script: """ Multicasting chat application """
  2. Invalid constant name "is_listening" (invalid-name) - All global variables should be marked with uppercase symbols. Global variables are evil, especially in Python (if a function uses global variable, developer should mark it with the GLOBAL keyword - an error widespread among developers who do not know or forget this requirement). That's why I use lambda to pass parameter to the listen_messages function - in other case I had to use the GLOBAL keyword. To fix this warning I moved the whole script to 'main' function.
New version of the application (after all the actions above):

Surely those were the small issues, however PyLint support many more features:



And as a side effect, now you can enjoy chatting in your LAN without any servers and monstrous applications!

Comments

Post a Comment

Popular posts from this blog

Web application framework comparison by memory consumption

Memory consumption is slightly specific to my area of software development now, but I did some research recently and maybe these results can be useful for others. Of course, I know that precious comparison is very difficult to carry out, but actually I needed only overall picture. And let me admit that results are pretty interesting and even frustrated (at least for me). As a basis I took so-starving project, and measured initial RSS (Resident Set Size) of the each process (local development webservers). Platform: x86_64 Linux (latest Ubuntu with all updates). As a reference, here is the RSS of the interpreters in interactive console mode: Interpreter Version RSS (kB) stackless python 2.6.4 3916 ruby (via irb) 1.8.7 4664 python 2.7.1 5624 php 5.3.5 6924 v8 (via node.js shell) 2.5.9.9 8796 One more reference - the most simplest WSGI app ( example  in the Python documentation). It's RSS: 7336 Kb , so I assume it's almost impossible to consume l
Read more

Trac Ticket Workflow

Trac is the wiki and issue tracking system that is the most used for my software development projects. Let me share few hints about its ticket workflow, especially about the statuses, the roles of the participants, and let me give an example of the workflow config. But if you are interested in other things like Trac plugins, source browser, customizing, etc, let me know. All the information given below regards the workflow described at the end of the article. The original Trac workflow is missed vital features like the support for ticket verifying, or the required ticket statuses range, so I do not use it in my projects. The description of the main statuses: new - the ticket has been created; in-progress - the developer has began to work with the ticket; fixed - the ticket is fixed (the problem issued in the ticket is solved); verified - the ticket is verified (tester or PM has verified that the ticket is fixed correctly); closed - the ticket is closed (it's not
Read more

Shellcode detection using libemu

Shellcode can be seen as a list of instructions that has been developed in a manner that allows it to be injected in an application during runtime. Each security researcher face the shellcodes during their work, and in this article I'll show how to detect shellcodes using Python (via libemu Python binding). Few words about libemu : libemu is a small library written in C offering basic x86 emulation and shellcode detection using GetPC heuristics. Intended use is within network intrusion/prevention detections and honeypots. The information on the site is not actual in some places, so I'll give direct and clear instruction how to get and install libemu. Clone the git repository: $ git clone git://git.carnivore.it/libemu.git Firstly, configure, make and install libemu itself (without binding): $ autoreconf -v -i $ ./configure --prefix=/opt/libemu $ make $ sudo make install If you set up prefix as shown above, you have to add the library path to /etc/ld.so.conf file
Read more